// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_PRIVATE_KEY_H_
#define NET_SSL_SSL_PRIVATE_KEY_H_

#include <stddef.h>
#include <stdint.h>

#include <vector>

#include "base/callback_forward.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/strings/string_piece.h"
#include "net/base/net_errors.h"

namespace net {

// An interface for a private key for use with SSL client authentication.
class SSLPrivateKey : public base::RefCountedThreadSafe<SSLPrivateKey> {
public:
    using SignCallback = base::Callback<void(Error, const std::vector<uint8_t>&)>;

    enum class Type {
        RSA,
        ECDSA,
    };

    enum class Hash {
        MD5_SHA1,
        SHA1,
        SHA256,
        SHA384,
        SHA512,
    };

    SSLPrivateKey() { }

    // Returns whether the key is an RSA key or an ECDSA key. Although the signing
    // interface is type-agnositic and type tags in interfaces are discouraged,
    // TLS has key-specific logic in selecting which hashes to sign. Exposing the
    // key type avoids replicating BoringSSL's TLS-specific logic in SSLPrivateKey
    // implementations and complicating the interface between Chromium and
    // BoringSSL.
    virtual Type GetType() = 0;

    // Returns the digests that are supported by the key in decreasing preference.
    virtual std::vector<SSLPrivateKey::Hash> GetDigestPreferences() = 0;

    // Returns the maximum size of a signature, in bytes. For an RSA key, this
    // must be the size of the modulus.
    virtual size_t GetMaxSignatureLengthInBytes() = 0;

    // Asynchronously signs an |input| which was computed with the hash |hash|. On
    // completion, it calls |callback| with the signature or an error code if the
    // operation failed. For an RSA key, the signature is a PKCS#1 signature. The
    // SSLPrivateKey implementation is responsible for prepending the DigestInfo
    // prefix and adding PKCS#1 padding.
    virtual void SignDigest(Hash hash,
        const base::StringPiece& input,
        const SignCallback& callback)
        = 0;

protected:
    virtual ~SSLPrivateKey() { }

private:
    friend class base::RefCountedThreadSafe<SSLPrivateKey>;
    DISALLOW_COPY_AND_ASSIGN(SSLPrivateKey);
};

} // namespace net

#endif // NET_SSL_SSL_PRIVATE_KEY_H_
